Filtered by vendor Rsa
Subscribe
Total
114 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-11059 | 1 Rsa | 1 Archer | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| RSA Archer, versions prior to 6.4.0.1, contain a stored cross-site scripting vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application users access the corrupted data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. | |||||
| CVE-2018-11065 | 1 Rsa | 1 Archer | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| The WorkPoint component, which is embedded in all RSA Archer, versions 6.1.x, 6.2.x, 6.3.x prior to 6.3.0.7 and 6.4.x prior to 6.4.0.1, contains a SQL injection vulnerability. A malicious user could potentially exploit this vulnerability to execute SQL commands on the back-end database to read certain data. Embedded WorkPoint is upgraded to version 4.10.16, which contains a fix for the vulnerability. | |||||
| CVE-2018-11060 | 1 Rsa | 1 Archer | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to elevate their privileges. | |||||
| CVE-2018-15782 | 1 Rsa | 1 Authentication Manager | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| The Quick Setup component of RSA Authentication Manager versions prior to 8.4 is vulnerable to a relative path traversal vulnerability. A local attacker could potentially provide an administrator with a crafted license that if used during the quick setup deployment of the initial RSA Authentication Manager system, could allow the attacker unauthorized access to that system. | |||||
| CVE-2018-11049 | 2 Emc, Rsa | 3 Rsa Identity Governance And Lifecycle, Rsa Identity Management And Governance, Rsa Via Lifecycle And Governance | 2023-12-10 | 6.9 MEDIUM | 7.3 HIGH |
| RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. A local authenticated malicious user could trick the root user to run malicious code on the targeted system. | |||||
| CVE-2018-11074 | 2 Emc, Rsa | 2 Rsa Authentication Manager, Authentication Manager | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| RSA Authentication Manager versions prior to 8.3 P3 are affected by a DOM-based cross-site scripting vulnerability which exists in its embedded MadCap Flare Help files. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to the browser DOM, which code is then executed by the web browser in the context of the vulnerable web application. | |||||
| CVE-2018-11073 | 2 Emc, Rsa | 2 Rsa Authentication Manager, Authentication Manager | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
| RSA Authentication Manager versions prior to 8.3 P3 contain a stored cross-site scripting vulnerability in the Operations Console. A malicious Operations Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface. When other Operations Console administrators open the affected page, the injected scripts could potentially be executed in their browser. | |||||
| CVE-2018-1247 | 1 Rsa | 1 Authentication Manager | 2023-12-10 | 5.8 MEDIUM | 7.1 HIGH |
| RSA Authentication Manager Security Console, version 8.3 and earlier, contains a XML External Entity (XXE) vulnerability. This could potentially allow admin users to cause a denial of service or extract server data via injecting a maliciously crafted DTD in an XML file submitted to the application. | |||||
| CVE-2018-1233 | 1 Rsa | 1 Authentication Agent For Web | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are affected by a cross-site scripting vulnerability. The attackers could potentially exploit this vulnerability to execute arbitrary HTML or JavaScript code in the user's browser session in the context of the affected website. | |||||
| CVE-2018-1252 | 1 Rsa | 1 Web Threat Detection | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| RSA Web Threat Detection versions prior to 6.4, contain an SQL injection vulnerability in the Administration and Forensics applications. An authenticated malicious user with low privileges could potentially exploit this vulnerability to execute SQL commands on the back-end database to gain unauthorized access to the tool's monitoring and user information by supplying specially crafted input data to the affected application. | |||||
| CVE-2018-1182 | 2 Emc, Rsa | 3 Rsa Identity Governance And Lifecycle, Rsa Identity Management And Governance, Rsa Via Lifecycle And Governance | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (hardware appliance and software bundle deployments only); RSA Via Lifecycle and Governance version 7.0, all patch levels (hardware appliance and software bundle deployments only); RSA Identity Management & Governance (RSA IMG) versions 6.9.0, 6.9.1, all patch levels (hardware appliance and software bundle deployments only). It allows certain OS level users to execute arbitrary scripts with root level privileges. | |||||
| CVE-2018-1248 | 1 Rsa | 1 Authentication Manager | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| RSA Authentication Manager Security Console, Operation Console and Self-Service Console, version 8.3 and earlier, is affected by a Host header injection vulnerability. This could allow a remote attacker to potentially poison HTTP cache and subsequently redirect users to arbitrary web domains. | |||||
| CVE-2018-1232 | 1 Rsa | 1 Authentication Agent For Web | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are impacted by a stack-based buffer overflow which may occur when handling certain malicious web cookies that have invalid formats. The attacker could exploit this vulnerability to crash the authentication agent and cause a denial-of-service situation. | |||||
| CVE-2018-1234 | 1 Rsa | 1 Authentication Agent For Web | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is affected by a problem where access control list (ACL) permissions on a Windows Named Pipe were not sufficient to prevent access by unauthorized users. The attacker with local access to the system can exploit this vulnerability to read configuration properties for the authentication agent. | |||||
| CVE-2017-14371 | 1 Rsa | 1 Archer Grc Platform | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting via the request URL. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application. | |||||
| CVE-2017-8005 | 2 Emc, Rsa | 3 Rsa Identity Governance And Lifecycle, Rsa Identity Management And Governance, Rsa Via Lifecycle And Governance | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. Remote authenticated malicious users could potentially inject arbitrary HTML code to the application. | |||||
| CVE-2017-8004 | 2 Emc, Rsa | 3 Rsa Identity Governance And Lifecycle, Rsa Identity Management And Governance, Rsa Via Lifecycle And Governance | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
| The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) allow an application administrator to upload arbitrary files that may potentially contain a malicious code. The malicious file could be then executed on the affected system with the privileges of the user the application is running under. | |||||
| CVE-2017-14372 | 1 Rsa | 1 Archer Grc Platform | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help pages. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application. | |||||
| CVE-2017-5004 | 2 Emc, Rsa | 3 Rsa Identity Governance And Lifecycle, Rsa Identity Management And Governance, Rsa Via Lifecycle And Governance | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Stored Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system. | |||||
| CVE-2017-14370 | 1 Rsa | 1 Archer Grc Platform | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Source Asset ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application. | |||||